Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X
Hey, im trying to setup the SSO integration with our Azure AD, on Azure im able to get the correct answer and to test it correctly. on the Chalk side I get : There was an error while testing your Identity Provider:
The 'email' attribute mapping is incorrect.
When i look in the Azure AD app, it's the same email as the one im connected.
Do you know if their is special things to do to get this working ?
thanks,
Could be a couple different things.
Can you confirm the email attribute you are entering into the configuration is correct? You can check this in your metadata.xml file.
The other thing it could be is your email addresses being sent from your IdP have uppercase letters in them. The email addresses coming from your IdP need to match those in the Admin Center exactly and the Admin Center stores emails in all lowercase.
Looking into the xml it's Email
the email goes as follow :
<auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
<auth:DisplayName>Email</auth:DisplayName>
<auth:Description>Email address of the user.</auth:Description>
</auth:ClaimType>
In azure, i see the claims being made and it's the same email entered in the portal.
Looks like your email attribute to enter into the SSO configuration is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Please try using that instead of 'Email' and let me know the results.
Just tried again in a in-private session and same error 😞
Can you confirm that your IdP is sending the email address in all lowercase? Azure has a ToLower() claims transformation for this: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization
If that's all set, please PM me your company info and I'll look into this on our side.
Yes all lowercase,
I will send you a pm with more info.
Thanks !
the problem was resolved, there were two things:
1. Bad entry on the Vuforia SSO configuration database
2. We made the setup using the claim transformation attribute name, for some reason the emailaddress attribute return the uppercase email, even that SAML response was in lower case.
Regards,
Ricardo